Our selection of the most recent infosec articles from around the web, including a vulnerability, a malware and a phishing attack all directed at Microsoft users. Sucuri reports an increase in Troldesh ransomware.

For more articles, check out our #onpatrol4malware blog.

Microsoft

Troldesh Ransomware Dropper

Source: Sucuri

Over the past few weeks, we’ve seen an increase in Troldesh ransomware using compromised websites as intermediary malware distributors. Read more.

microsoft

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Source: Carnegie Mellon University

Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. Read more.

microsoft

In the Balkans, businesses are under fire from a double‑barreled weapon

Source: ESET

ESET researchers discovered a campaign that uses two malicious tools with similar capabilities to ensure both resilience and broader potential for the attackers. Read more.

install ransomware

Microsoft Warns of Phishing Attacks Using Custom 404 Pages

Source: BleepingComputer

Microsoft security researchers discovered an unusual phishing campaign which employs custom 404 error pages to trick potential victims into handing out their Microsoft credentials. Read more.

Microsoft

Psychological Tricks of the Malware Trade

Source: Tripwire

Unfortunately, this is a trick not lost on malware designers, who are increasingly exploiting clever traps that leverage the psychology of end users and system administrators alike. Read more.

vulnerabilities

A new Zero-Day in Steam client impacts over 96 million Windows users

Source: Security Affairs

A new zero-day vulnerability for Microsoft Windows impacting over 96 million users was disclosed by researcher Vasily Kravets. Read more.

vulnerabilities

New Phishing Campaign Bypasses Microsoft ATP to Deliver Adwind to Utilities Industry

Source: Cofense

The CofenseTM Phishing Defense CenterTM has observed a new phishing campaign that spoofs a PDF attachment to deliver the notorious Adwind malware. Read more.

Microsoft

Cybersecurity: This trojan malware being offered for free could cause hacking spike

Source: ZDNet

NanoCore RAT can steal passwords, payment details, and secretly record audio and video of Microsoft Windows users. Read more.